Modern networking continues to provide communication and information access increases and improvements. The continuing growth of networking systems and technology seems limitless and the speed of networked communications has brought benefits to nearly every human endeavor.
Recent trends in information technology have seen large enterprises and other users moving towards a new paradigm of network utilization, the provisionable utility data center (UDC). A provisionable data center allows a centralization of information technology (IT) services and enterprise-wide, and even internet-wide, access to specialized data and functions. The various moves to re-centralize IT systems of all kinds are driven in part by shortages in qualified IT staff and by the intrinsic inefficiencies of distributed systems. Notably, many IT managers are migrating to a smaller number of large data centers. Enabled by abundant and relatively inexpensive network bandwidth, IT services can now be distributed to users globally. The need to nest server-side technology near the client workstation is lessening, which has led to this dramatic change in IT architecture.
This re-centralization requires greater resilience, reliability and security, since a failure of shared resources or a loss of critical data can affect an enterprise using a provisionable data center to a large degree. At the same time, though, consolidated provisionable data centers can more easily be engineered to eliminate single points of failure.
Another trend is the growing importance of third-party service providers. Networking enterprises are finding it advantageous to turn to service providers instead of bearing the cost of internal development, deployment, and maintenance of their own in-house systems. In areas such as global networking, service providers dominate in provisioning a commodity resource that enterprises could never develop individually. Storage service providers allow enterprises to cache data conveniently. A small, but growing, contingent of application service providers (ASPs) now are able to operate enterprise software systems. IT service providers are exploiting the opportunity to consolidate across enterprises, which allows them to be highly competitive with internal IT organizations.
The system management tools available to reliably operate and secure the resultant necessarily complex network systems are also emerging. Constant, dynamic, reprovisioning of resources to match shifting clients and client needs depends on a strong IT resource management foundation.
Even more than earlier distributed networks, provisionable data center networks are exposed to possible security lapse and even attack through the multitudinous communications links such systems entail. Because there is necessary communication within and between resources contained within the provisionable data center, as well as communication with users outside the network, the possible avenues of security failure are many.
In addition to the “normal” hacker attack, security breaches can consist of such things as the unauthorized entry into a portion of a database by an otherwise authorized user or the unauthorized use of an application managed by the center. An example of this could be use by a foreign engineering entity of a supercomputer computational fluid dynamics facility, perhaps barred by technology exchange law, wherein the foreign entity's use of other portions of the same provisionable data center is legitimate and desirable.
Another example involves a case wherein there are competing clients legitimately served by the UDC and who share some of the available resources, such as a marketing database. These same two clients may also employ the UDC for secure archiving of proprietary data that neither wants the other to access. Furthermore, the management system of a provisionable data center itself could be the target of a focused intrusion whose goal could be the weakening of the management structure to enable other intrusions.
While there are network intrusion detection systems (NIDS) to aid in security of UDCs, there is little in the way of systems protecting the NIDS itself. A NIDS is a possible target of hostile attacks such as: attempts to gain access to the NIDS by compromising network services such as a web server, SNMP (simple network management protocol), or email; attempts to log into the root or administrator users; attempts to change the file or directory permission to read or modify files on the NIDS sensor or manager, possibly to erase evidence of an intrusion; unauthorized attempts to start services that should not be running on the NIDS sensors.
Previous IDS (Intrusion Detection System) lockdown software has not taken a comprehensive look at IDS security. If products did look at IDS security, they tended to only protect software components that were directly related to IDS software: the IDS registry entry on Microsoft Windows systems, and the file and directory security for the IDS files themselves.
What is needed, then, is a methodology to provide security to the intrusion detection system (IDS) sensors in the provisionable utility data center (UDC) such that the IDS components of the data center can be protected from intrusions that originate from either an external source, such as a public facing internet/virtual private network (VPN), resources provisioned by the data center, or the systems within a less trusted part of the data center's management infrastructure.